From 54c03acaa425d79412e11e74242ba84576e4e782 Mon Sep 17 00:00:00 2001 From: Gaston Yelmini Date: Mon, 11 Dec 2023 10:53:04 -0300 Subject: [PATCH 1/2] INT-9845: improve error matching --- src/gsuite/clients/GSuiteClient.ts | 1 + src/steps/chrome-extensions/index.ts | 4 +++- src/steps/chrome-os-devices/index.ts | 4 +++- src/steps/domains/index.ts | 4 +++- src/steps/endpoint-devices/index.ts | 4 +++- src/steps/groups/index.ts | 12 +++++++++--- src/steps/mobile_devices/index.ts | 4 +++- src/steps/role_assignments/index.ts | 4 +++- src/steps/roles/index.ts | 4 +++- src/steps/tokens/index.ts | 4 +++- src/steps/users/index.ts | 4 +++- 11 files changed, 37 insertions(+), 12 deletions(-) diff --git a/src/gsuite/clients/GSuiteClient.ts b/src/gsuite/clients/GSuiteClient.ts index b2ac70d..7d2dde6 100644 --- a/src/gsuite/clients/GSuiteClient.ts +++ b/src/gsuite/clients/GSuiteClient.ts @@ -20,6 +20,7 @@ export const authorizationErrorResponses = [ 'Not Authorized to access this resource/api', 'The caller does not have permission', 'Provider authorization failed at', + 'Please ensure that your API client in GSuite has the correct scopes', ]; export type PageableGaxiosResponse = GaxiosResponse< diff --git a/src/steps/chrome-extensions/index.ts b/src/steps/chrome-extensions/index.ts index a57cd6b..6bf40f7 100644 --- a/src/steps/chrome-extensions/index.ts +++ b/src/steps/chrome-extensions/index.ts @@ -39,7 +39,9 @@ export async function fetchChromeExtensions({ } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/chrome-os-devices/index.ts b/src/steps/chrome-os-devices/index.ts index d820073..f24658f 100644 --- a/src/steps/chrome-os-devices/index.ts +++ b/src/steps/chrome-os-devices/index.ts @@ -53,7 +53,9 @@ export async function fetchChromeOSDevices( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/domains/index.ts b/src/steps/domains/index.ts index c747b4d..2c24d8a 100644 --- a/src/steps/domains/index.ts +++ b/src/steps/domains/index.ts @@ -24,7 +24,9 @@ export async function fetchDomains( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/endpoint-devices/index.ts b/src/steps/endpoint-devices/index.ts index 8501d81..28607d2 100644 --- a/src/steps/endpoint-devices/index.ts +++ b/src/steps/endpoint-devices/index.ts @@ -60,7 +60,9 @@ export async function fetchUserDevices( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/groups/index.ts b/src/steps/groups/index.ts index 3f6807e..564a812 100644 --- a/src/steps/groups/index.ts +++ b/src/steps/groups/index.ts @@ -71,7 +71,9 @@ async function createGroupEntities( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, @@ -126,7 +128,9 @@ async function iterateGroupMembers( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, @@ -321,7 +325,9 @@ export async function fetchGroupSettings( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/mobile_devices/index.ts b/src/steps/mobile_devices/index.ts index 3950b3a..0f7c132 100644 --- a/src/steps/mobile_devices/index.ts +++ b/src/steps/mobile_devices/index.ts @@ -53,7 +53,9 @@ export async function fetchMobileDevices( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/role_assignments/index.ts b/src/steps/role_assignments/index.ts index cf96759..eac73c4 100644 --- a/src/steps/role_assignments/index.ts +++ b/src/steps/role_assignments/index.ts @@ -66,7 +66,9 @@ export async function fetchRoleAssignments( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/roles/index.ts b/src/steps/roles/index.ts index bd3ebb9..0db4d13 100644 --- a/src/steps/roles/index.ts +++ b/src/steps/roles/index.ts @@ -47,7 +47,9 @@ export async function fetchRoles( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/tokens/index.ts b/src/steps/tokens/index.ts index 80e157d..7b3cdd8 100644 --- a/src/steps/tokens/index.ts +++ b/src/steps/tokens/index.ts @@ -83,7 +83,9 @@ export async function fetchTokens( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/users/index.ts b/src/steps/users/index.ts index 897bc4e..6ce14ea 100644 --- a/src/steps/users/index.ts +++ b/src/steps/users/index.ts @@ -74,7 +74,9 @@ export async function fetchUsers( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.includes(err.statusText) + authorizationErrorResponses.filter((errorText) => + err.statusText.match(errorText), + ).length > 0 ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, From 03fb49505f5f0e355aa323d6d7d47bedacb1ff82 Mon Sep 17 00:00:00 2001 From: Gaston Yelmini Date: Mon, 11 Dec 2023 11:37:34 -0300 Subject: [PATCH 2/2] Fix comment --- src/steps/chrome-extensions/index.ts | 6 ++---- src/steps/chrome-os-devices/index.ts | 6 ++---- src/steps/domains/index.ts | 6 ++---- src/steps/endpoint-devices/index.ts | 6 ++---- src/steps/groups/index.ts | 5 ++--- src/steps/mobile_devices/index.ts | 6 ++---- src/steps/role_assignments/index.ts | 6 ++---- src/steps/roles/index.ts | 6 ++---- src/steps/tokens/index.ts | 6 ++---- src/steps/users/index.ts | 6 ++---- src/utils/isAuthorizationError.ts | 9 +++++++++ 11 files changed, 29 insertions(+), 39 deletions(-) create mode 100644 src/utils/isAuthorizationError.ts diff --git a/src/steps/chrome-extensions/index.ts b/src/steps/chrome-extensions/index.ts index 6bf40f7..b294bb7 100644 --- a/src/steps/chrome-extensions/index.ts +++ b/src/steps/chrome-extensions/index.ts @@ -12,7 +12,7 @@ import { import { GSuiteInstalledAppsClient } from '../../gsuite/clients/GSuiteInstalledAppsClient'; import { chromemanagement_v1 } from 'googleapis'; import { RawInstalledAppEntity } from './types'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; const APP_EXTENSION_TYPE = 'EXTENSION'; @@ -39,9 +39,7 @@ export async function fetchChromeExtensions({ } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/chrome-os-devices/index.ts b/src/steps/chrome-os-devices/index.ts index f24658f..402bfef 100644 --- a/src/steps/chrome-os-devices/index.ts +++ b/src/steps/chrome-os-devices/index.ts @@ -16,7 +16,7 @@ import { } from './converters'; import { GSuiteChromeOSDeviceClient } from '../../gsuite/clients/GSuiteChromeOSDeviceClient'; import getAccountEntity from '../../utils/getAccountEntity'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchChromeOSDevices( context: IntegrationStepContext, @@ -53,9 +53,7 @@ export async function fetchChromeOSDevices( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/domains/index.ts b/src/steps/domains/index.ts index 2c24d8a..f476b9b 100644 --- a/src/steps/domains/index.ts +++ b/src/steps/domains/index.ts @@ -7,7 +7,7 @@ import { IntegrationConfig, IntegrationStepContext } from '../../types'; import { entities, IngestionSources, Steps } from '../../constants'; import { createDomainEntity } from './converters'; import { GSuiteDomainClient } from '../../gsuite/clients/GSuiteDomainClient'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchDomains( context: IntegrationStepContext, @@ -24,9 +24,7 @@ export async function fetchDomains( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/endpoint-devices/index.ts b/src/steps/endpoint-devices/index.ts index 28607d2..abf772e 100644 --- a/src/steps/endpoint-devices/index.ts +++ b/src/steps/endpoint-devices/index.ts @@ -19,7 +19,7 @@ import { VIEW, } from '../../gsuite/clients/GSuiteDeviceClient'; import getAccountEntity from '../../utils/getAccountEntity'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchUserDevices( context: IntegrationStepContext, @@ -60,9 +60,7 @@ export async function fetchUserDevices( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/groups/index.ts b/src/steps/groups/index.ts index 564a812..c64f2de 100644 --- a/src/steps/groups/index.ts +++ b/src/steps/groups/index.ts @@ -33,6 +33,7 @@ import { MemberType, } from './converters'; import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; const GROUPS_LOG_INTERVAL = 50; @@ -71,9 +72,7 @@ async function createGroupEntities( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/mobile_devices/index.ts b/src/steps/mobile_devices/index.ts index 0f7c132..12c8323 100644 --- a/src/steps/mobile_devices/index.ts +++ b/src/steps/mobile_devices/index.ts @@ -16,7 +16,7 @@ import { } from './converters'; import { GSuiteMobileDeviceClient } from '../../gsuite/clients/GSuiteMobileDeviceClient'; import getAccountEntity from '../../utils/getAccountEntity'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchMobileDevices( context: IntegrationStepContext, @@ -53,9 +53,7 @@ export async function fetchMobileDevices( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/role_assignments/index.ts b/src/steps/role_assignments/index.ts index eac73c4..7f9cecd 100644 --- a/src/steps/role_assignments/index.ts +++ b/src/steps/role_assignments/index.ts @@ -10,7 +10,7 @@ import { IngestionSources, relationships, Steps } from '../../constants'; import { GSuiteRoleAssignmentClient } from '../../gsuite/clients/GSuiteRoleAssignmentClient'; import { getUserEntityKey } from '../users/converters'; import { getRoleEntityKey } from '../roles/converters'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchRoleAssignments( context: IntegrationStepContext, @@ -66,9 +66,7 @@ export async function fetchRoleAssignments( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/roles/index.ts b/src/steps/roles/index.ts index 0db4d13..23ca3d1 100644 --- a/src/steps/roles/index.ts +++ b/src/steps/roles/index.ts @@ -16,7 +16,7 @@ import { import { createRoleEntity } from './converters'; import { GSuiteRoleClient } from '../../gsuite/clients/GSuiteRoleClient'; import { getAccountKey } from '../account/converters'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchRoles( context: IntegrationStepContext, @@ -47,9 +47,7 @@ export async function fetchRoles( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/tokens/index.ts b/src/steps/tokens/index.ts index 7b3cdd8..240baae 100644 --- a/src/steps/tokens/index.ts +++ b/src/steps/tokens/index.ts @@ -19,7 +19,7 @@ import { createUserAssignedTokenRelationship, } from './converters'; import { createVendorTypeFromName } from '@jupiterone/vendor-stack'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchTokens( context: IntegrationStepContext, @@ -83,9 +83,7 @@ export async function fetchTokens( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/steps/users/index.ts b/src/steps/users/index.ts index 6ce14ea..4aac3f6 100644 --- a/src/steps/users/index.ts +++ b/src/steps/users/index.ts @@ -18,7 +18,7 @@ import { createSiteHostsUserRelationship, } from './converters'; import getAccountEntity from '../../utils/getAccountEntity'; -import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient'; +import { isAuthorizationError } from '../../utils/isAuthorizationError'; export async function fetchUsers( context: IntegrationStepContext, @@ -74,9 +74,7 @@ export async function fetchUsers( } catch (err) { if ( err instanceof IntegrationProviderAuthorizationError && - authorizationErrorResponses.filter((errorText) => - err.statusText.match(errorText), - ).length > 0 + isAuthorizationError(err.statusText) ) { context.logger.publishWarnEvent({ name: IntegrationWarnEventName.MissingPermission, diff --git a/src/utils/isAuthorizationError.ts b/src/utils/isAuthorizationError.ts new file mode 100644 index 0000000..74374f6 --- /dev/null +++ b/src/utils/isAuthorizationError.ts @@ -0,0 +1,9 @@ +import { authorizationErrorResponses } from '../gsuite/clients/GSuiteClient'; + +export function isAuthorizationError(statusText: string): boolean { + return ( + authorizationErrorResponses.filter((errorText) => + statusText.match(errorText), + ).length > 0 + ); +}